Date: Thu, 21 Dec 2006 13:45:15 +0000
From: Daniel Bye <dan@slightlystrange.org>
To: David Banning <david+dated+1167109465.e841d1@skytracker.ca>
Cc: questions@freebsd.org
Subject: Re: question on hosts.allow
Message-ID: <458A8FEB.7090805@slightlystrange.org>
In-Reply-To: <20061221050424.GA94983@skytracker.ca>
References: <20061221050424.GA94983@skytracker.ca>

David Banning wrote:
> I have been running denyhosts to stop attacks on my ssh port.
>
> The attacks continue after protection is put in place.
>
> Here is what I have in the tail of my /etc/hosts.allow
> as per the installation instructions;
> -------------------------
> ...<snip>
> sshd : /etc/hosts.deniedssh : deny
> sshd : ALL : allow
> -------------------------
>
> and in /etc/hosts.deniedssh I have;
>
> -------------------------
> sshd: 82.165.182.220 : deny
> sshd: 200.52.90.100 : deny
> -------------------------

This isn't quite right. This file should contain IP addresses, one per
line, without any of the extraneous stuff - the `sshd' and `deny' bits
are taken care of by the

    sshd : /etc/hosts.deniedssh : deny

line in /etc/hosts.allow. (Effectively, with your current setup, your
hosts.allow rules expand to something like this:

    sshd : sshd : 82.165.182.220 : deny : deny

which doesn't make much sense!)

At a guess, your BLOCK_SERVICE is set to something other than an empty
value. It needs to be "BLOCK_SERVICE =" (without the quotes, of
course...) to ensure that only offending IP addresses get written out to
the auxiliary file.

>
> but I am still receiving attacks from the last IP address. So I am wondering
> what program actually -reads- hosts.allow

It should be read by anything that's built with tcpwrappers support. In
this case, it would be sshd.

> Maybe it has to be reset, or restarted?

No, I don't think so. I would imagine the problem is the screwy syntax
of your config. Try setting BLOCK_SERVICE in
/usr/local/etc/denyhosts.conf, restart DenyHosts and see what happens...

Dan
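The check described in the reply above, as an added example that is not part of the original message or of DenyHosts: it audits an auxiliary file such as /etc/hosts.deniedssh for lines that are not bare addresses and prints a cleaned copy. The function names are hypothetical, the sample file is constructed from the two lines quoted in the thread, and only IPv4 addresses are assumed.

```shell
#!/bin/sh
# audit_denied_file FILE
# Print "LINENO: text" for every non-blank line that is not a bare IPv4
# address. Returns 0 if the file is clean, 1 otherwise.
audit_denied_file() {
    awk '
        function is_ipv4(s,    n, parts, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            n = split(s, parts, ".")
            for (i = 1; i <= n; i++) if (parts[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*$/ { next }                      # blank lines are harmless
        {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)    # trim surrounding whitespace
            if (!is_ipv4(line)) { printf "%d: %s\n", NR, $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# strip_service_fields FILE
# Print the file with "service: ADDR : deny" lines reduced to "ADDR".
# Lines that are already bare addresses pass through unchanged.
strip_service_fields() {
    sed -E -e 's/^[[:space:]]*[A-Za-z_]+[[:space:]]*:[[:space:]]*//' \
           -e 's/[[:space:]]*:[[:space:]]*deny[[:space:]]*$//' \
           -e '/^[[:space:]]*$/d' "$1"
}

# Constructed sample: the file contents quoted in the thread.
sample=$(mktemp)
printf '%s\n' 'sshd: 82.165.182.220 : deny' \
              'sshd: 200.52.90.100 : deny' > "$sample"
if ! audit_denied_file "$sample"; then
    echo "rewritten as bare addresses:"
    strip_service_fields "$sample"
fi
rm -f "$sample"
```

Review the output of strip_service_fields before replacing the live file; the empty BLOCK_SERVICE setting mentioned in the reply is what keeps new entries in the bare form.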